Mac Java hole exploited by wild Flashback Trojan strain

Security watchers have discovered a strain of Mac-specific malware that exploits an unpatched vulnerability in Java.

A variant of the Flashback Trojan exploiting CVE-2012-0507 (a Java vulnerability) has been spotted in the wild, F-Secure warns.

Oracle patched the vulnerability for Windows machines in February but is yet to issue a fix for Mac OS X - creating a window of opportunity for virus writers.

F-Secure advises Mac users to disable Java, which isn't needed to surf the vast majority of websites, as explained in an earlier blog post.

Some banking websites mandate the use of Java, in which case security-conscious Mac fanbois can re-enable Java for the duration of their session before turning it off again, the Finnish security firm suggests. ®